Posted by samzenpus on Monday December 24, 2012 @04:11PM from the read-all-about-it dept.

benrothke writes "When the IBM PC first came out 31 years ago, it supported a maximum of 256KB RAM. You can buy an equivalent computer today with substantially more CPU power at a fraction of the price. But in those 31 years, the information security functionality in which the PC operates has not progressed accordingly. In Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents, author Jean-François Blanchette observes that the move to a paperless society means that paper-based evidence needs to be recreated in the digital world. It also requires an underlying security functionality to flow seamlessly across organizations, government agencies and the like. While the computing power is there, the ability to create a seamless cryptographic culture is much slower in coming." Keep reading for the rest of Ben's review.

Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents

author: Jean-François Blanchette
pages: 288
publisher: MIT Press
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-0262017510
summary: Excellent overview and history of using cryptography to build a trust framework

The so-called Year of the PKI has been awaited for over a decade, and after reading Burdens of Proof, it is evident why a large-scale PKI will be a long time in coming. More than that, getting the infrastructure in place in a complex environment such as the USA, with its myriad jurisdictions and technologies, may ultimately prove to be an impossibility.

The irony is that an effective mechanism for digital authentication would seem to be an indispensable part of the digital age. The lack of such an authentication infrastructure may be the very reason that fraud, malware, identity theft and much more, are so pervasive on the Internet.

The premise of this fascinating book is that the slow decline in the use of paper, from a legal and evidentiary perspective, has significant consequences. For the last few hundred years, paper has been ubiquitous in modern life, from legal and health records to school, employment and everything in between.

The book details the many challenges that businesses and governments face in moving from a paper-based record society and the underlying trust mechanisms that go along with it, to a new digital-based record system, and how a new framework is needed for such a method. The book details part of that new framework.

The book opens with an observation on the authenticity of President Obama's birth certificate. While Blanchette is not a birther, he does note that if the moral authority of paper records has diminished, then the electronic documents replacing them, which are what the Obama administration provided, appear to be even more malleable. And that is precisely the issue that he addresses.

Blanchette details a compelling story and writes it as an insider. He was a member of a task force appointed in 1999 by the French Ministry of Justice to provide guidance on reforming the rules governing the admissibility of written evidence in French courts so that they would cover documents in digital format.

The first few chapters provide an excellent overview of the history of cryptography. Chapter 3, On the Brink of a Revolution, gives an excellent summary of cryptography from 1976 on, starting with the seminal research done by Diffie and Hellman, and by Rivest, Shamir and Adleman (RSA).

In chapter 5, Blanchette details his narrative about how France embraced and moved to a more digital governmental framework. He notes that the challenge was that France is the country that gave bureaucracy its name, a place where citizens must carry their papiers d'identité at all times and a society enmeshed in paper. Blanchette writes of the many French bureaucracies that had to let go of their protectionist stances as they moved down the path to letting electronic documents have legal validity.

Blanchette writes that in France, one of the biggest impediments to moving to a digital framework was the French civil-law notary, or notaire. French notaries are much more powerful than a notary public in the US, and are closer to what a paralegal does in the US.

The French notaires are a wealthy and powerful monopoly when it comes to purchases, sales, exchanges, co-ownerships, land plots, leases, mortgages and the like. A notaire can form a corporation, prepare commercial business leases and much more. The entire French notary profession had been dependent on its monopoly to grant authenticity, and no definition of electronic authenticity could emerge and succeed if it did not meet its criteria.

While paper trust may be intuitive now, Blanchette writes that it wasn't always the case. When documents were first created (whenever that may have been), they did not immediately inspire trust. As with other innovations, there was a long and complex period of evolution needed to gain accepted levels of trust.

In chapter 6, the book notes that many people assumed cryptography would be the mechanism that would inspire trust in the digital world. Blanchette writes that the mistake cryptographers made, and sometimes continue to make, is that they often assumed the properties of cryptographic objects would translate transparently into the complex social and institutional settings in which they are deployed.

This was incisively noted in Why Johnny Can't Encrypt, a usability evaluation of PGP by Whitten and Tygar. The authors observed that user errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. While the paper was written in 1999, most of its findings are still relevant.

Chapter 6 provides three fascinating case studies showing how different approaches to security technology and cryptographic deployment are imperative in ensuring that they work.

In just under 200 pages, the book's seven chapters provide both a fascinating overview of the history of cryptography and a demonstration of how cryptography can be effectively used to authenticate digital documents. The book also offers a high-level framework (a comprehensive one would require at least five times as many pages) for building digital trust on cryptography.

As Blanchette notes many times in the book, the challenge with getting digital signatures to work is not with the technology; rather it is with the underlying societal infrastructure in which to make it work. France was brought kicking and screaming into the age of electronic authentication, and is one of the few countries that have had such widespread success.

The book is a fascinating read that details how frustratingly difficult it has been to create a comprehensive mechanism for digital authentication. The book raises many beguiling questions, and Blanchette is smart enough to note that there are no simple answers to these multifaceted problems.

Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents is both a fascinating overview of the history of paper and electronic authentication and a synopsis of what it will take to create a cryptographic culture, where digital evidence will be as accepted in the courtroom as its antique paper cousin.

The security, the protocol, the encryption, BUT, as you already guessed, our sweet government does not want us to have secure and secret documents, without the ability to spy on them, whenever they want to, and for whatever funny reason.

You do realize that the full blown encryption between person A and person B does not involve anything but the public keys from A and B for encryption, and the private keys from A and B for decryption?
You do realize that there is no need of a third party (government) to assist you in securing an encrypted tunnel between A and B?
Again, do you really know what secure connection is?

Almost. Such an encryption protects entirely against passive interception, but has a serious weakness: MITM attacks. There are only two ways to solve this problem. One is to pre-exchange keys over a secure channel. That's fine for connecting to the company VPN and such situations when someone has to physically set up the endpoints, but it's not a lot of use on the internet. The other is to have a trusted third party provide confirmation of identity, and in turn authenticate this third party by keys exchanged over a secure channel. It's a really ugly method (Can you *really* trust any of those CAs? Of course not!) but as of now, it's the only option there is. Some protocols rely on a web-of-trust system, but again it isn't suitable for all situations, particularly those in which nodes are many and connections infrequent and transient.

Almost. Such an encryption protects entirely against passive interception, but has a serious weakness: MITM attacks...

It seems like you are conflating security and encryption. Perfect encryption exists and is trivial for any two parties to use. There is no MITM problem. Security is only possible insofar as you trust someone or something - whether it be the person you are handing/receiving your public key to, or the web of trust, or whatever else.

And, of course, once you have exchanged public keys and can start an *encrypted* conversation, verification of identity can be established by external (what was our previously a

Actually, what I am trying to imply is that if I, and my Friend decide to establish secure tunnel between us, and having before that exchanged the private keys, then it will become extremely difficult for anyone else to decode our conversation, or to pretend to be one of the parties (yes, that's true, the man in the middle has to have one of the private keys too if he wants to succeed). In most cases, this is enough, as the only way for the Evil guy to take your keys is to do it in person, physically. And i

Unless he manages to convince each party that the public key has changed, without the secure connection.

For example, you have JohnA@gmail.com and JohnB@gmail.com, and they have a secure connection through asymmetric encryption. I create my own private keys JohnA@gmail.com and JohnB@gmail.com, and corresponding public keys.

I send a mail from JohanB@gmail.Com to JohnA@gmail.com, stating that I've changed my key, and this is the new public key. I do the same from JohanA@gmail.com to JohnB@gmail.com.
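The key-substitution problem described in this post, and the two remedies named in the earlier reply (pre-exchanging keys over a secure channel, or relying on a trusted third party), as an added Python illustration that is not from the book or from any poster in this thread. The Diffie-Hellman group, the XOR stream cipher, the names Alice and Bob, and the sample message are all constructed for this example; the pinned-fingerprint check stands in for comparing keys out of band, and the trusted-third-party option is not simulated. Run it and the three scenarios show the same exchange with honest delivery, with an intruder swapping "new keys" in both directions, and with the swap caught by a fingerprint mismatch.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this illustration: the Mersenne
# prime 2**127 - 1 with generator 3. Real systems use standardised 2048-bit
# or larger groups or elliptic curves; the key-substitution problem does not
# depend on the group size.
P = (1 << 127) - 1
G = 3
MSG = b"meet at noon"  # constructed sample message


def keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Derive a 32-byte symmetric key from our exponent and the peer's public value."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def fingerprint(pub):
    """Short hash of a public value: what two people compare by phone or in person."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def xor_stream(key, data):
    """Toy stream cipher (SHA-256 keystream XOR). Symmetric: calling it again
    with the same key decrypts. Illustration only; real code uses an AEAD."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


def run_exchange(active_intruder, pinned):
    """Alice sends MSG to Bob after they swap public values over the network.

    active_intruder: someone on the path replaces each public value with one
        of their own, i.e. the "I've changed my key, here is the new one" mail.
    pinned: Alice and Bob already know each other's fingerprints from an
        out-of-band channel and refuse any value that does not match.
    Returns what Bob decrypted, what (if anything) the intruder could read,
    and whether the session was refused.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    alice_receives, bob_receives = b_pub, a_pub  # honest delivery
    intruder_keys = None
    if active_intruder:
        ma_priv, ma_pub = keypair()  # presented to Alice as "Bob's new key"
        mb_priv, mb_pub = keypair()  # presented to Bob as "Alice's new key"
        alice_receives, bob_receives = ma_pub, mb_pub
        # The intruder completes a separate, valid exchange with each party.
        intruder_keys = (shared_secret(ma_priv, a_pub), shared_secret(mb_priv, b_pub))
    if pinned and (fingerprint(alice_receives) != fingerprint(b_pub)
                   or fingerprint(bob_receives) != fingerprint(a_pub)):
        return {"bob_plaintext": None, "intruder_plaintext": None, "refused": True}
    k_alice = shared_secret(a_priv, alice_receives)
    k_bob = shared_secret(b_priv, bob_receives)
    wire = xor_stream(k_alice, MSG)
    intruder_plaintext = None
    if intruder_keys:
        to_alice, to_bob = intruder_keys
        intruder_plaintext = xor_stream(to_alice, wire)  # reads it ...
        wire = xor_stream(to_bob, intruder_plaintext)    # ... and re-encrypts for Bob
    return {"bob_plaintext": xor_stream(k_bob, wire),
            "intruder_plaintext": intruder_plaintext, "refused": False}


if __name__ == "__main__":
    for active, pin in [(False, False), (True, False), (True, True)]:
        print(f"intruder={active!s:5} pinned={pin!s:5} ->", run_exchange(active, pin))
```

The point the scenarios make is the one the thread circles around: the mathematics of the exchange is sound in every run, and in the second run Bob still decrypts the message correctly, yet the intruder has read it, because nothing tied the public values to the people they were supposed to belong to. Only the out-of-band fingerprint comparison (or, in deployed systems, a certificate from a party both sides already trust) turns an encrypted channel into an authenticated one.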

Actually, what i am trying to imply is that if I, and my Friend decide to establish secure tunnel between us, and having before that exchanged the private keys,

Public keys.

then it will become extremely difficult for anyone else to decode our conversation, or to pretend to be one of the parties (yes, that's true, the man in the middle has to have one of the private keys too if he wants to succeed).

It is *impossible* unless they have your private key *and the ability to use it* (your passphrase).

In most cases, this is enough, as the only way for the Evil guy to take your keys is to do it in person, physically. And if he has to do it for 300 million people...you make the math.

Right. Or compromise your system in such a way that they can view what you do when you decode the conversation.

You skip over the problem - exchanging public keys. If the channel isn't secure then what is there to stop an attacker from intercepting the keys in transit and replacing them with his own? You need to have either a secure channel for key exchange or a pre-shared secret. Neither of which is an option when you just want to view a website you've never visited before over SSL.

It is secure against a passive eavesdropper, but not an active MITM able to modify as well as intercept communications. Such an attacker could simply impersonate both parties to communicate with the other.

It's frightening reading. Widespread domestic security for electronic documents is being sacrificed to permit government access to communications, both foreign and domestic, with and without court order or knowledge of anyone being monitored. The fiber optic taps in AT&T's core data center planted by the NSA were quite real, quite illegal, and the personnel involved have been given immunity.

The key length for all the bank transaction is a joke. Any sane government with enough computer power could crack it. Translated: USA, USSR, China...
Just for comparison, the key length for encrypting the traffic in Microsoft Windows platform is 2048. I wonder why!!!!

2048 bit encryption is far beyond the capabilities of any entity on earth (or even all combined) to brute-force. 256 bit AES is still considered beyond the reach of government to decrypt, but it is perhaps out of reach only by a factor 1000 or so. 2048 bit is perfectly secure.

Besides, since private entities cannot guarantee their physical security, how many bits they use is completely inconsequential: this is why [xkcd.com]. To protect a few files on your hard drive from your employer or your mom, 3bit encryption is p

I think there is a lot of hype around the NSA and their capability to encrypt.
We have never seen a single instance where they have gone to the courts and shown they decrypted strong encryption without some external vulnerability.

I think many future political activists who were very 'open' on the net when young and stupid will end up paying for it hugely down the line when they mature and want to change the world for the better and then find out their political enemies' goons know about things that could discredit them in the public eye.

Part of the problem is that there's this expectation that everyone be squeaky clean, and never have made a mistake. It shouldn't matter all that much if someone did something stupid when they wer

EVERYTHING related to PCs is still, after 30 years, a clumsy bolt-on. Hell, networking and printing still have to be added, tweaked and configured and VPN is still a mess. As long as we tolerate companies like MS shoveling Windows 8 at us while the guts under the covers are garbage, this is what we'll get. I mean with a multicore processor there's no way to make one of those cores a security specific ASIC that does all the heavy lifting for security across the board in hardware. But we'll never get that be

Amazon "search inside this book" has no results for "NP" as in P vs. NP. How can that be? The book doesn't draw the connection to this major relevant open question on one hand, but has "burden of proof" in the title on the other hand?

Cryptography has a poor track record of trying to use NP-hard or NP-complete problems to form ciphers. Even if P = NP it may still be possible to find algorithms with constant factors that make encryption and decryption practical but brute-force decryption impractical.

Y'know, I wondered if anyone was going to point out something along those lines. Actually, IIRC, the original maximum "official" memory capacity of the early 64K PC1 was in fact 256K if you only used official IBM memory expansion cards, but the memory map officially allowed up to 512K of RAM (and was supported by some 3rd party expansion cards). A few years later, IBM apparently realized that there wasn't really a need to reserve the entire remaining 512K of addressing space for ROM and device-specific RA

The original 64KB 5150 motherboard (4 banks of 16KB each) supported 512KB AST and other 3rd-party option cards, but carried ROMs that had a total system limit less than 640KB. The second gen motherboard supported 4x 64KB, of 256 KB on the motherboard, and 640KB of main memory overall. My recollection is of some number like 512KB + 32KB, for a total of 544KB, but it could have been 512KB+64KB, or 576KB; STILL not 640KB. I remember this because I once had to replace ROMs from gen 1 motherboards so I could

In the paper world you have to invest significant resources to forge each paper document. In the digital world if you can forge one document with a free tool you can forge as many as you want. To raise the cost of being able to forge a digital document beyond what an attacker is willing to pay the cost of legitimate use becomes greater than the benefit.

One possible solution is a hierarchy of security where the higher layers increase both the cost of forgery and the cost of legitimate use and let the mark

We need to be clear about what EV is. It's not about SSL, it's about X.509. It doesn't solve a technical problem because EV identifies no technical problem with X.509 certificates. EV promises a procedural solution to a procedural problem, namely the failure by Certificate Authorities to take reasonable care to check the real-world credentials of certificate requestors in order to determine that they are who they claim to be.
In effect, the CAs are saying, "Yeah, well, we were a bit negligent the last

To raise the cost of being able to forge a digital document beyond what an attacker is willing to pay the cost of legitimate use becomes greater than the benefit.

Exactly why we have spam. Make sending forged-address and spammy e-mail require prepaid costs such that it was as expensive as snail mail and spam would drop from 90% of mail to less than 0.1%. It's only because it costs nearly nothing either directly for small quantities (like phishing scams) or via botnets to send huge quantities of spam (for bulk ads for fraudulent products including erectile dysfunction drugs) that so much can be generated. We have some partial solutions but the entire solution requires